test from the snapshots or the Git before the documentation is updated. Once
the documentation is updated, this file is reduced to a short list.
+Version 4.94
+------------
+
+ 1. EXPERIMENTAL_SRS_NATIVE optional build feature. See the experimental.spec
+ file.
+
+ 2. Channel-binding for authenticators is now supported under OpenSSL.
+ Previously it was GnuTLS-only.
+
+ 3. A msg:defer event.
+
+ 4. Client-side support in the gsasl authenticator. Tested against the plaintext
+ driver for PLAIN; only against itself for SCRAM-SHA-1 and SCRAM-SHA-1-PLUS
+ methods.
+
+ 5. Server-side support in the gsasl authenticator for encrypted passwords, as an
+ alternate for the existing plaintext.
+
+ 6. Variable $local_part_verified, set by the router check_local_part condition
+ with untainted data.
+
+
Version 4.93
------------
11. Main options for DKIM verify to filter hash and key types.
-12. Under GnuTLS, with TLS1.3, support for full-chain OCSP stapling.
+12. With TLS1.3, support for full-chain OCSP stapling.
13. Dual-certificate stacks on servers now support OCSP stapling, under OpenSSL.
+14: An smtp:ehlo transport event, for observability of the remote offered features.
+
+15: Support under OpenSSL for writing NSS-style key files for packet-capture
+ decode. The environment variable SSLKEYLOGFILE is used; if an absolute path
+ it must indicate a file under the spool directory; if relative the the spool
+ directory is prepended. Works on the server side only. Support under
+ GnuTLS was already there, being done purely by the library (server side
+ only, and exim must be run as root).
+
+16: Command-line option to move messages from one named queue to another.
+
+17. Variables $tls_in_ver, $tls_out_ver.
+
Version 4.92
--------------